measures used to prevent unauthorized access, alteration, theft, or physical dam-
procedures that ensure the safety of the organization’s assets; the accuracy and
reliability of its records; and operational adherence to management standards.
are interconnected. The potential for unauthorized access, abuse, or fraud is
not limited to a single location but can occur at any access point in the network.
tion systems. They can stem from technical, organizational, and environmental
factors compounded by poor management decisions. In the multi-tier
The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any
294
Part Two
Information Technology Infrastructure
authorization. It is possible to access data flowing over networks, steal valuable data during transmission, or alter messages without authorization. Radiation may disrupt a network at various points as well. Intruders can launch denial-of-service attacks or malicious software to disrupt the operation of Web sites. Those capable of penetrating corporate systems can destroy or alter corporate data stored in databases or files.
Systems malfunction if computer hardware breaks down, is not configured properly, or is damaged by improper use or criminal acts. Errors in programming, improper installation, or unauthorized changes cause computer software to fail. Power failures, floods, fires, or other natural disasters can also disrupt computer systems.
Domestic or offshore partnering with another company adds to system vulnerability if valuable information resides on networks and computers outside the organization's control. Without strong safeguards, valuable data could be lost, destroyed, or could fall into the wrong hands, revealing important trade secrets or information that violates personal privacy.
The popularity of handheld mobile devices for business computing adds to these woes. Portability makes cell phones, smartphones, and tablet computers easy to lose or steal. Smartphones share the same security weaknesses as other Internet devices, and are vulnerable to malicious software and penetration from outsiders. In 2009, security experts identified 30 security flaws in software and operating systems of smartphones made by Apple, Nokia, and BlackBerry maker Research in Motion.
Even the apps that have been custom-developed for mobile devices are capable of turning into rogue software. For example, in December 2009, Google pulled dozens of mobile banking apps from its Android Market because they could have been updated to capture customers' banking credentials. Smartphones used by corporate executives may contain sensitive data such as sales figures, customer names, phone numbers, and e-mail addresses. Intruders may be able to access internal corporate networks through these devices.
Internet Vulnerabilities
Large public networks, such as the Internet, are more vulnerable than internal networks because they are virtually open to anyone. The Internet is so huge that when abuses do occur, they can have an enormously widespread impact. When the Internet becomes part of the corporate network, the organization's information systems are even more vulnerable to actions from outsiders. Computers that are constantly connected to the Internet by cable modems or digital subscriber line (DSL) lines are more open to penetration by outsiders because they use fixed Internet addresses where they can be easily identified. (With dial-up service, a temporary Internet address is assigned for each session.) A fixed Internet address creates a fixed target for hackers.
Telephone service based on Internet technology (see Chapter 7) is more vulnerable than the switched voice network if it does not run over a secure private network. Most Voice over IP (VoIP) traffic over the public Internet is not encrypted, so anyone with a network can listen in on conversations. Hackers can intercept conversations or shut down voice service by flooding servers supporting VoIP with bogus traffic.
Vulnerability has also increased from widespread use of e-mail, instant messaging (IM), and peer-to-peer file-sharing programs. E-mail may contain attachments that serve as springboards for malicious software or unauthorized access to internal corporate systems. Employees may use e-mail messages to transmit valuable trade secrets, financial data, or confidential customer information to unauthorized recipients. Popular IM applications for consumers do not use a secure layer for text messages, so they can be intercepted and read by outsiders during transmission over the public Internet. Instant messaging activity over the Internet can in some cases be used as a back door to an otherwise secure network. Sharing files over peer-to-peer (P2P) networks, such as those for illegal music sharing, may also transmit malicious software or expose information on either individual or corporate computers to outsiders.
Wireless Security Challenges
Is it safe to log onto a wireless network at an airport, library, or other public location? It depends on how vigilant you are. Even the wireless network in your home is vulnerable because radio frequency bands are easy to scan. Both Bluetooth and Wi-Fi networks are susceptible to hacking by eavesdroppers. Although the range of Wi-Fi networks is only several hundred feet, it can be extended up to one-fourth of a mile using external antennae. Local area networks (LANs) using the 802.11 standard can be easily penetrated by outsiders armed with laptops, wireless cards, external antennae, and hacking software. Hackers use these tools to detect unprotected networks, monitor network traffic, and, in some cases, gain access to the Internet or to corporate networks.
Wi-Fi transmission technology was designed to make it easy for stations to find and hear one another. The service set identifiers (SSIDs) identifying the access points in a Wi-Fi network are broadcast multiple times and can be picked up fairly easily by intruders' sniffer programs (see Figure 8-2). Wireless networks in many locations do not have basic protections against
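The paragraph above states that SSIDs are broadcast in the clear. The following example, added here and not part of the textbook, parses the body of an 802.11 beacon frame to show why a sniffer recovers the SSID without any key, and classifies each network as open, legacy-encrypted, or RSN-protected for a defensive audit. The beacon bodies are constructed sample data, not captured traffic; the element IDs and capability bit are the IEEE 802.11 values.

```python
import struct

# IEEE 802.11 information element IDs and capability bit used below
IE_SSID = 0           # SSID element: the network name, sent unencrypted
IE_DS_PARAMS = 3      # DS Parameter Set: carries the channel number
IE_RSN = 48           # RSN element: present on WPA2/WPA3 networks
CAP_PRIVACY = 0x0010  # capability bit 4: data confidentiality required


def parse_beacon_body(body: bytes) -> dict:
    """Parse a beacon frame body: 12 bytes of fixed fields, then tagged elements."""
    if len(body) < 12:
        raise ValueError("beacon body too short")
    timestamp, interval, caps = struct.unpack_from("<QHH", body, 0)
    info = {"timestamp": timestamp, "beacon_interval_tu": interval,
            "privacy": bool(caps & CAP_PRIVACY), "ssid": None,
            "hidden_ssid": False, "channel": None, "rsn": False}
    pos = 12
    while pos + 2 <= len(body):
        eid, elen = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + elen]
        if len(data) != elen:
            raise ValueError("truncated information element")
        if eid == IE_SSID:
            # A zero-length or all-NUL SSID means the access point "hides" its name
            info["hidden_ssid"] = elen == 0 or data == b"\x00" * elen
            info["ssid"] = None if info["hidden_ssid"] else data.decode("utf-8", "replace")
        elif eid == IE_DS_PARAMS and elen == 1:
            info["channel"] = data[0]
        elif eid == IE_RSN:
            info["rsn"] = True
        pos += 2 + elen
    return info


def classify(info: dict) -> str:
    """Audit verdict: open networks are the 'no basic protection' case."""
    if not info["privacy"]:
        return "open"
    if not info["rsn"]:
        return "legacy-encrypted"  # privacy bit set but no RSN element (WEP/WPA1)
    return "rsn-protected"


def build_beacon_body(ssid: bytes, channel: int, privacy: bool, rsn: bool) -> bytes:
    """Construct a sample beacon body for testing (constructed data, not a capture)."""
    caps = 0x0001 | (CAP_PRIVACY if privacy else 0)  # ESS bit plus optional privacy
    body = struct.pack("<QHH", 0, 100, caps)         # timestamp 0, interval 100 TU
    body += bytes([IE_SSID, len(ssid)]) + ssid
    body += bytes([IE_DS_PARAMS, 1, channel])
    if rsn:
        body += bytes([IE_RSN, 2, 0x01, 0x00])       # RSN version field only
    return body
```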